SECURE ELECTRONIC REGISTRATION AND VOTING SOLUTION 
CROSS REFERENCE TO RELATED APPLICATIONS 
[0001] This application claims benefit of U.S. Provisional Application No. 
60/444,885 entitled "SECURE ELECTRONIC REGISTRATION AND VOTING 
SOLUTION" and filed February 5, 2003, which is hereby incorporated by reference. 

BACKGROUND OF THE INVENTION 
Field of the Invention 

[0002] The present invention relates to an on-line voting solution, and more 
particularly, to a secure electronic registration and voting solution incorporating 
integrated end-to-end voting system architecture and processes providing secure 
identification and authentication, voter registration, ballot creation, voting, and 
ballot tabulation. 
Discussion of the Related Art 

[0003] The elections process has come under increasing scrutiny over the 
years. In particular, voting machine failures, confusing or incorrect ballots, 
confusion over voting locations, and mishandled absentee ballots have been held out 
as focal points in recent elections. 

[0004] Typically, a person intending to vote must register prior to an election. 
On an election day a person must then locate their assigned polling location, as well 
as navigate what can be a complex ballot or balloting machine. 

Attorney Docket No. 86769-0026 

[0005] Even more problematic is the case of an absentee voter, one who will 
be out of the voting jurisdiction or unable to travel to the polling location on an 
election day. For example, registration for absentee balloting must take place well 
before the election. An absentee ballot is then provided to the absentee voter, 
generally by mail. The absentee voter must then complete the ballot and return it 
to the absentee voter's local election office by a specific date, again, generally by 
mail. Aside from the obvious issues associated with using the mail for timely 
delivery of the ballot, there exist many additional opportunities for an absentee 
ballot to be mishandled. 

[0006] For a voter who is absent from their jurisdiction or a voter living in a 
foreign country the issues associated with using the mail may be amplified 
considerably. The need to mail a ballot early enough to arrive at a local election 
office on or before the scheduled deadline may limit an absentee voter's ability to 
review information concerning the issues and candidates associated with an election. 
For example, due to the mailing requirements of an absentee ballot, an absentee 
voter may not have an opportunity to view or read about candidate debates that 
may occur after the absentee voter has cast and mailed their ballot but before the 
day of the actual election. 

[0007] These and other deficiencies exist in current voting solutions. 
Therefore, a solution to these problems is needed, providing an improved voting 
solution, including the ability for an absentee voter to register to vote, receive their 
ballot and to securely cast his or her ballot so that it is counted in an election. 

SUMMARY OF THE INVENTION 
[0008] Accordingly, in view of these and other deficiencies inherent in current 
voting solutions, the present invention is directed to a secure electronic registration 
and voting solution incorporating integrated end-to-end voting system architecture 
and processes providing secure identification and authentication, voter registration, 
ballot definition, ballot presentation to the voter, voting, and ballot tabulation via 
secure transmission over the network. 

[0009] In one embodiment of the present invention, a secure electronic 
registration and voting system, for use by a user, such as a potential voter, a voter, 
or a local election official, providing access to voting related subsystems and 
processes through a network is disclosed. The secure electronic registration and 
voting system includes a central hosting facility connected to the network. The 
central hosting facility includes a home page as an access point for the user, an 
application processing segment for providing election processing, and a storage 
segment for temporary and persistent storage of data. The secure electronic 
registration and voting system also includes a computing device connected to the 
network for accessing the central hosting facility. 

[0010] According to another embodiment of the present invention, a secure 
electronic registration and voting system for use by users and local election officials 
providing access to voting related subsystems and processes through a network is 
disclosed. The secure electronic registration and voting system includes a central 
hosting facility, including a system web server for housing a home page and web 
pages, a data storage device for storing local election office data, and an application 
processing segment providing the voting related subsystems and processes. The 
application processing segment includes an identification and authentication 
subsystem and associated services for identity proofing and assigning a roaming 
digital certificate to users and local election officials by the user or local election 
official submitting an approved credential or retrieving, completing, and submitting 
an identity proofing form, a voter registration subsystem and associated processes 
for registering a user to vote by completing an electronic application, digitally 
signing the application with the assigned roaming digital certificate, and having the 
application submitted electronically, wherein a local election official may review the 
application, approve or deny the application, update the status of the application, 
and communicate the status of the application to the user, a ballot creation 
subsystem and associated processes for creating a ballot definition file by an official 
of the local election office, transforming the ballot definition file to a standard 
format, validating the ballot by the local election official, and providing the ballot 
for use by the user, a voting subsystem and associated processes for providing 
secure voting by identifying and authenticating a user that logs in to vote and 
request a ballot, retrieving the user's identification information and digital 
certificate, generating a ballot from the user's local election office ballot definition 
file, digitally signing the ballot, sending the ballot to the user, receiving from the 
user the completed ballot digitally signed with the user's roaming digital certificate, 
time stamping the ballot, encrypting the ballot with a user's symmetric key, and 
storing the encrypted ballot, transmitting a ballot summary to the user for 
confirmation, receiving confirmation, time stamping the ballot and encrypting the 
user's symmetric key with a local election office's public key, and storing the 
encrypted symmetric key and associated encrypted ballot in the local election 
office's electronic ballot box, a ballot tabulation and reconciliation subsystem and 
associated processes for reconciling encrypted ballots, wherein ballot tabulation 
includes providing a local election office with a token and a tabulation computer and 
requiring one election official to login to the tabulation computer and a second 
election official to login to the central hosting facility, separating voter identification 
information from the encrypted ballots and transferring the encrypted ballots to the 
tabulation computer, decrypting the ballots by decrypting the symmetric key 
associated with each ballot with the local election office's public key and decrypting 
each ballot with its associated symmetric key, and tabulating the decrypted ballots, 
and a common services subsystem and associated processes. The secure electronic 
registration and voting system also includes a computer for accessing the central 
hosting facility through the network. 
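
The ballot handling in paragraph [0010] (encrypt the ballot with the voter's symmetric key, wrap that key for the local election office, separate voter identity before tabulation) as an added Python example that is not part of the original application. The function names, record layout and sample voters are assumptions, the RSA and stream-cipher routines are toy standard-library stand-ins for RSA-OAEP and an AEAD cipher, and the wrapped key is recovered with the private half of the office's key pair, as public-key encryption requires.

```python
# Added illustration of the ballot envelope described above. The primitives are
# toy stand-ins so the sketch runs on the standard library; they are not secure.
import hashlib
import hmac
import secrets

# Constructed toy RSA key pair for the local election office (LEO): textbook
# RSA over two Mersenne primes, no padding. A real system would use RSA-OAEP.
_P, _Q, LEO_E = 2**127 - 1, 2**89 - 1, 65537
LEO_N = _P * _Q                                   # public modulus
LEO_D = pow(LEO_E, -1, (_P - 1) * (_Q - 1))       # private exponent (on the token)


def _keystream(key, nonce, length):
    """SHA-256 in counter mode; stand-in for a real cipher such as AES."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def sym_encrypt(key, plaintext):
    """Encrypt-then-MAC with separate derived keys; returns nonce|ct|tag."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce = secrets.token_bytes(12)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def sym_decrypt(key, blob):
    """Verify the tag before decrypting; raise ValueError on tampering."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encrypted ballot failed its integrity check")
    stream = _keystream(enc_key, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))


def cast_ballot(ballot_box, voter_id, choice):
    """Central facility: encrypt the ballot, wrap its key, store the record."""
    key = secrets.token_bytes(16)                 # the voter's symmetric key
    ballot_box.append({
        "voter_id": voter_id,
        "ballot": sym_encrypt(key, choice.encode()),
        "wrapped_key": pow(int.from_bytes(key, "big"), LEO_E, LEO_N),
    })


def separate_for_tabulation(ballot_box):
    """Split voter identities from ballots and shuffle the ballots so that
    storage order cannot link a ballot back to a voter."""
    voter_ids = [rec["voter_id"] for rec in ballot_box]
    anonymous = [{"ballot": rec["ballot"], "wrapped_key": rec["wrapped_key"]}
                 for rec in ballot_box]
    secrets.SystemRandom().shuffle(anonymous)
    return voter_ids, anonymous


def reconcile(voter_ids, anonymous):
    """One ballot per voter, and as many ballots as voters who voted."""
    return len(set(voter_ids)) == len(voter_ids) == len(anonymous)


def tabulate(anonymous, private_exponent=LEO_D, modulus=LEO_N):
    """Tabulation computer: unwrap each key with the LEO private key, decrypt
    the ballot, and count the choices."""
    totals = {}
    for rec in anonymous:
        key = pow(rec["wrapped_key"], private_exponent, modulus).to_bytes(16, "big")
        choice = sym_decrypt(key, rec["ballot"]).decode()
        totals[choice] = totals.get(choice, 0) + 1
    return totals


if __name__ == "__main__":
    box = []                                      # constructed sample ballots
    for voter, choice in [("voter-001", "Candidate A"),
                          ("voter-002", "Candidate B"),
                          ("voter-003", "Candidate A")]:
        cast_ballot(box, voter, choice)
    ids, ballots = separate_for_tabulation(box)
    print("reconciled:", reconcile(ids, ballots))
    print("totals:", tabulate(ballots))
```

The records handed to the tabulation computer carry no voter identifier, and a ballot whose ciphertext was altered in storage is rejected before it can be counted.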

[0011] According to a further embodiment of the present invention, a method 
for identifying and authenticating a user through a secure electronic registration 
and voting system is disclosed. The method includes the steps of accessing the 
home page of the secure electronic registration and voting system, determining the 
existence of the user's department of defense credential, issuing a digital signature 
if the department of defense credential exists, providing an electronic federal 
postcard application to the user, and retrieving the completed electronic federal 
postcard application. 

[0012] According to another embodiment of the present invention, a method 
for identifying and authenticating a user through a secure electronic registration 
and voting system is disclosed. The method includes the steps of accessing the 
home page of the secure electronic registration and voting system, determining the 
existence of the user's department of defense credential, determining the existence 
of the user's digital signature if the department of defense credential does not exist, 
providing an electronic federal postcard application to the user if the digital 
signature exists, and retrieving the completed electronic federal postcard 
application. 

[0013] According to a further embodiment of the present invention, a method 
for identifying and authenticating a user through a secure electronic registration 
and voting system is disclosed. The method includes the steps of accessing the 
home page of the secure electronic registration and voting system, determining the 
existence of the user's department of defense credential, determining the existence 
of the user's digital signature if the department of defense credential does not exist, 
and providing an identity proofing form to the user if the user's digital signature 
does not exist. 

[0014] According to another embodiment of the present invention, a method 
for registering a user to vote with the user's local election office through a secure 
electronic registration and voting system is disclosed. The method includes the 
steps of logging into the secure electronic registration and voting system by the user, 
authenticating the user as a valid user, completing an electronic application by the 
user, signing the completed electronic application with a digital signature assigned 
to the user, submitting the digitally signed electronic application, storing the 
electronic application in a database on the secure electronic registration and voting 
system assigned to the user's local election office, and notifying the user's local 
election office of the receipt of the user's completed electronic application. 

[0015] According to a further embodiment of the present invention, a method 
for creating a ballot for use on a secure electronic registration and voting system is 
disclosed. The method comprises the steps of creating a ballot definition file, 
storing the ballot definition file on the secure electronic registration and voting 
system, transforming the ballot definition file, storing the ballot definition file in a 
ballot definition database, validating the content of the ballot by the local election 
office, and submitting the ballot definition file to a voting engine. 

[0016] According to a further embodiment, a method for voting using a secure 
electronic registration and voting system is disclosed. The method includes the 
steps of requesting a ballot by a user of the secure electronic registration and voting 
system, voting electronically by the user, securing the ballot by the secure electronic 
registration and voting system, reconciling the ballot, and tabulating the ballot by 
the user's local election office. 

[0017] Additional features and advantages of the invention will be set forth in 
the description that follows, and in part will be apparent from the description, or 
may be learned by practice of the invention. The objectives and other advantages of 
the invention will be realized and attained by the structure particularly pointed out 
in the written description and claims hereof, as well as the appended drawings. 

[0018] It is to be understood that both the foregoing general description and 
the following detailed description are exemplary and explanatory and are intended 
to provide further explanation of the invention as claimed. 

BRIEF DESCRIPTION OF THE DRAWINGS 
[0019] The accompanying drawings, which are included to provide further 
understanding of the invention and are incorporated in and constitute a part of this 
specification, illustrate embodiments of the invention and together with the 
description serve to explain the principles of the invention. In the drawings: 

[0020] FIG. 1 shows the electronic registration and voting solution system 
architecture according to an embodiment of the present invention; 

[0021] FIG. 2a shows an overview of the process architecture incorporated in 
the electronic registration and voting solution, according to an embodiment of the 
present invention; 

[0022] FIG. 2b shows a detailed view of the home page and common services, 
according to an embodiment of the present invention; 

[0023] FIG. 2c shows a detailed view of the identification and authentication 
processes 220, according to an embodiment of the present invention; 

[0024] FIG. 2d shows a detailed view of the voter registration processes, 
according to an embodiment of the present invention; 

[0025] FIG. 2e shows a detailed view of the ballot definition processes, 
according to an embodiment of the present invention; 

[0026] FIG. 2f shows a detailed view of the voting processes, according to an 
embodiment of the present invention; 

[0027] FIG. 2g shows a detailed view of the tabulation processes, according to 
an embodiment of the present invention; 

[0028] FIG. 3 shows a process flow diagram for the identification and 
authentication process of the electronic registration and voting solution according to 
an embodiment of the present invention; 

[0029] FIG. 4 shows a process flow diagram for the voter registration process 
of the electronic registration and voting solution according to an embodiment of the 
present invention; 

[0030] FIG. 5 shows a process flow diagram for the ballot definition process of 
the electronic registration and voting solution according to an embodiment of the 
present invention; 

[0031] FIG. 6 shows the process flow for voting and securing a ballot 
according to an embodiment of the present invention; 

[0032] FIG. 7 shows a process flow diagram for the ballot tabulation process 
of the electronic registration and voting solution according to an embodiment of the 
present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS 

Reference will now be made in detail to various embodiments of the 
present invention, examples of which are illustrated in the accompanying drawings. 

[0033] FIG. 1 shows the electronic registration and voting solution system 
architecture 10 according to an embodiment of the present invention. The system 
architecture includes a central secure hosting environment 100 accessible through a 
network 110, such as the Internet, by a user, such as an absentee voter or a person 
desiring to register as a voter, from any computing device 120 anywhere in the 
world and subject to the voter's local or State laws governing the absentee voting 
process. The central hosting facility 100 is also accessible by officials of a local 
election office via a computer, or computers 120, over the network 110. The 
computer 120 of a local election office also includes additional processes 130 for 
managing the voting process for that jurisdiction. FIG. 1 illustrates the local 
election office processes 130 logically associated with storage devices 1040 assigned 
to the local election offices. 

[0034] According to an embodiment of the present invention, a user accesses 
the central hosting facility 100 over the Internet with a computer 120. Through a 
registration process and assignment of a roaming digital certificate the user's access 
is not tied to a specific computer; therefore, the user is not required to use the same 
computer each time he or she accesses the central hosting facility 100. For example, 
a user may access the central hosting facility 100 to register to vote from a 
computer in one location, such as a home computer, and may vote later from a 
different computer in a different location, such as a computer in an Internet cafe in 
any city, state, or country. 

[0035] The central hosting facility 100 includes a system web server housing a 
home page 1010, an application processing segment 1020, firewalls 1030 and 1032, 
and data storage devices 1040. According to one embodiment, centralized servers 
are configured to create the central hosting facility 100. Centralized servers provide 
greater security and reliability, and the ability to scale the hardware configuration. 
Centralized servers also provide lower application maintenance and support costs, 
as well as reduced costs to "harden the site" to detect and protect against unwanted 
intruders or attacks. 

[0036] The system home page 1010 is accessible by a user's computer 120 
through a firewall 1030. The system home page 1010 is used as an access point to 
other system services and information concerning the access and use of the central 
hosting facility 100. The system home page 1010 provides access to the application 
processing segment 1020 through a second firewall 1032. 

[0037] The application processing segment 1020 of the central hosting facility 
100 provides the necessary processing hardware and software for the various 
subsystems and processes associated with voter registration and voting. 
Applications associated with the application processing segment 1020 may include 
identification and authentication 1021, voter registration 1022, ballot definition 
1023, voting engine 1024, and/or ballot reconciliation 1025. Local election office 
processes 130 are also located on local election office computers 120. The local 
election office processes 130 work in conjunction with the application processing 
segment 1020 as part of the process architecture of the present invention. 

[0038] The data storage devices 1040 of the central hosting facility 100 
provide data storage for each local election office using the central hosting facility 
100. A local election office's storage device 1040 provides "voting system records" 
for that local election office only, and supports local ownership of processing and 
data. Furthermore, uploading data to, or downloading of data from, the local 
election office's storage is possible only by designated officials of the local election 
office through identification and authentication, and authorization access 
procedures. The local election office's storage may include voter registration 
information, ballot definitions and styles, and encrypted voted ballots, as well as 
comprehensive audit records of all events. It can be appreciated by one skilled in 
the art that the data storage devices 1040 may be physically or logically separated. 
The storage devices 1040 may also be located within a single server or divided 
among many servers. 

[0039] According to an embodiment of the present invention, the local election 
office computer gains access to the central hosting facility 110 in a manner similar 
to that of a voter; namely, through a network 110, such as the Internet, using the 
roaming digital certificate technology. Through the application processing segment 
1020 and the application processes of the local election office 130 a local election 
office computer includes uploading and downloading capabilities for that local 
election office's data. Using the application processes 130 of the local election office 
computer to access the central hosting facility the local election official can access 
services, such as voter registration, ballot definition, ballot reconciliation, 
separating encrypted ballots from the voter records to maintain anonymity, and 
downloading of encrypted ballots. The local election official can also decrypt 
downloaded ballots and submit them to ballot tabulation and ballot auditing. 

[0040] FIG. 2a shows an overview of the process architecture 20 incorporated 
in the electronic registration and voting solution, according to an embodiment of the 
present invention. Generally, the process architecture is separated into home page 
and common services 210, identification and authentication processes 220, voter 
registration processes 230, ballot definition processes 240, voting processes 250, and 
tabulation processes 260. 

[0041] FIG. 2b shows a detailed view of the home page and common services, 
according to an embodiment of the present invention. The home page 1010, as 
shown in Fig. 1, provides the initial access point to the application processes of the 
central hosting facility. As shown in FIG. 2b, home page and common services 
provide the initial access and presentation services. According to one embodiment 
of the present invention, these home page and common services include 
presentation services for subsystems 2102, logging and auditing services for 
subsystems 2104, application integration services 2106, common services for 
subsystems 2108, access control and authorization services 2110, and data access 
services for subsystems 2112. 

[0042] Presentation services 2102 provide the mechanism for presenting 
information to the user in a consistent fashion. Logging and auditing services 2104 
allow for logging and auditing of activities that take place within the processes and 
systems of the central hosting facility. Application integration services 2106 
provide the ability for the various processes and systems of the central hosting 
facility to interact in a consistent fashion. Common services for subsystems 2108 
reduce overhead by reducing redundant services used by many of the subsystems. 
Access control and authorization services 2110 assist in controlling access to 
services by only those authorized to use them. Data access services for subsystems 
2112 control the access to data by the various subsystems. 

[0043] FIG. 2c shows a detailed view of the identification and authentication 
processes 220, according to an embodiment of the present invention. The 
identification and authentication subsystem and processes provide a security layer 
to all other processes of the central hosting facility. The identification and 
authentication processes 220 require that any user or local election office official 
provide proper identification before they are given access to additional services 
within the central hosting facility 100, as shown in FIG. 1. Identification and 
authentication processes 220 include on-line Federal Postcard Application ("FPCA") 
services to all absentee voters regardless of participation 2202; identity proofing 
services for all Uniformed and Overseas Citizens Absentee Voting Act ("UOCAVA") 
citizens, local election offices ("LEOs"), and operations personnel 2204; registration 
for all Department of Defense ("DoD") Common Access Card ("CAC") and non-CAC 
smart card holders 2206; login services for voter registration, voting, and email for 
registered users 2208; and roaming digital certificate and managed Public Key 
Infrastructure ("PKI") services 2210. 

[0044] On-line FPCA services 2202 allow any authorized user to access and 
complete an FPCA in order to register as a voter, whether or not they intend to vote 
using the secure on-line registration and voting solution of the present invention. 
Identity proofing services 2204 provide the services necessary for a user of the 
secure on-line registration and voting system to complete and submit information 
necessary to prove their identity. Registration for all DoD CAC and non-CAC smart 
card holders 2206 provides registration services specific to those with Department 
of Defense credentials and services specific to those without. Login services for 
voter registration, voting, and email for registered users 2208 provide the login 
services necessary to access specific services. Roaming digital certificate and 
managed Public Key Infrastructure ("PKI") services 2210 provide the security 
services protecting access to the secure on-line registration and voting solution, as 
well as specific documents generated throughout the registration and voting 
processes. 

[0045] FIG. 2d shows a detailed view of the voter registration processes 230, 
according to an embodiment of the present invention. Voter registration processes 
230 include providing electronic voter registration services and absentee ballot 
requests through electronic Federal Postcard Application ("eFPCA") 2302; status 
checking services for UOCAVA citizens and LEOs 2304; communications to LEOs 
on new registrations and transmittal of eFPCA to LEOs 2306; secure transmission 
services between UOCAVA citizen, LEO and central hosting facility 2308; voter 
registration verification and update services to LEOs 2310; and voter registration 
database creation and maintenance services 2312. 

[0046] Electronic voter registration services and absentee ballot requests 
through eFPCA 2302 provide the processes for requesting and submitting an 
eFPCA. Status checking services for UOCAVA citizens and LEOs 2304 allow those 
with the proper authorization to check the status of various processes within the 
secure electronic registration and voting solution. Communications to LEOs on new 
registrations and transmittal of eFPCA to LEOs 2306 provide the automatic 
generation and sending of communications upon the receipt of registration and 
eFPCA submission. Secure transmission services between UOCAVA citizen, LEO, 
and central hosting facility 2308 provide the processes to ensure secure 
communications among authorized users. Voter registration verification and 
update services to LEOs 2310 provide the ability to verify information contained on a 
registration application and provide status information to users submitting 
registration applications. Voter registration database creation and maintenance 
services 2312 provide the ability to create, update and maintain a database 
assigned to a local election office for the purpose of maintaining voter registration 
information. 

[0047] FIG. 2e shows a detailed view of the ballot definition processes 240, 
according to an embodiment of the present invention. Ballot definition processes 
240 include providing LEO balloting system interface services 2402; central voting 
facility ballot conversion services 2404; LEO ballot definition services 2406; and 
central voting facility ballot database creation and maintenance services 2408. 

[0048] LEO balloting system interface services 2402 provide a user interface 
for creating or submitting a ballot definition file. Central voting facility ballot 
conversion services 2404 allow for the conversion of a ballot definition file to a ballot 
for use by a voter. LEO ballot definition services 2406 provide the tools used by a 
local election official to generate a ballot definition file locally and upload the file to 
the central hosting facility, or directly on the central hosting facility. Central voting 
facility ballot database creation and maintenance services 2408 provide the 
necessary processes for the creation and maintenance of a local election office's 
ballot database. 

[0049] FIG. 2f shows a detailed view of the voting processes 250, according to 
an embodiment of the present invention. Voting processes 250 include providing 
ballot generation services based on voter precinct and/or precinct split 2502; vote 
casting and symmetric encryption services 2504; cast ballot state database creation 
and maintenance services 2506; ballot presentation services within browser 2508; 
vote review, change and confirmation services 2510 and vote auditing services 2512. 

[0050] Ballot generation services based on voter precinct and/or precinct split 
2502 generate ballots for voters based on the ballot definition file submitted by the 
local election office and the rules associated with the precincts of the local election 
office. Vote casting and symmetric encryption services 2504 manage the voting 
and encryption of the ballot and the voter's symmetric key once the ballot has been 
cast and confirmed. Cast ballot state database creation and maintenance services 
2506 manage the creation and maintenance of the ballot database. Ballot 
presentation services within browser 2508 ensure accurate presentation of a voter's 
ballot within their browser. Vote review, change and confirmation services 2510 
manage the voter's review of a cast ballot and ensure changes are accurately 
reflected on the final ballot, as well as ensuring that voters confirm all completed 
ballots. Vote auditing services 2512 track the actions of a voter to ensure that all 
voting rules are complied with during the voting process, as well as allowing for the 
generation of auditing reports. 

[0051] FIG. 2g shows a detailed view of the tabulation processes 260, 
according to an embodiment of the present invention. Tabulation processes 260 
include providing controlled login for LEO official 2602; ballot reconciliation 
services 2604; voter ID and ballot separation services 2606, and download to local 
election office computer of encrypted ballots 2608, where the local computer 
provides ballot decryption services for LEO 2610; cast ballot LEO conversion 
services 2612; cast ballot LEO database creation and maintenance services 2612; 
cast ballot LEO tabulation interface services 2614; and LEO auditing services 2616. 

[0052] Controlled login for LEO official 2602 ensures that local election 
officials follow proper login procedures. Ballot reconciliation services 2604 allow 
reconciliation of the ballots cast with the registered users that voted. Voter ID and 
ballot separation services 2606 separate each voter's identification information 
from their ballot prior to download and tabulation to ensure voter anonymity. 
Download to local election office computer of encrypted ballots 2608 ensures that 
encrypted ballots are accurately transferred to the local election office's computer 
for tabulation. Ballot decryption services for LEO 2610 are housed on the local 
election office computer and provide for the decryption of the user's key and the 
ballot. Cast ballot LEO conversion services 2612. Cast ballot LEO database 
creation and maintenance services 2612 provide services for creation and 
maintenance of the local election office's database for cast ballots. Cast ballot LEO 
tabulation interface services 2614 provide the user interface for tabulating the cast 
ballots. LEO auditing services 2616 provide services for auditing the balloting 
process. 

[0053] In operation, the present invention provides the various methods and 
processes associated with a secure electronic registration and voting system. For 
example, the present invention allows for the identification and authentication of 
voters and local election office workers; the registration of voters; the creation of 
ballot definitions; voting and securing a ballot; and ballot tabulation. 
[0054] FIG. 3 shows a process flow diagram for the identification and 
authentication processes of the electronic registration and voting solution, according 
to an embodiment of the present invention. The identification and authentication 
process 30 begins in Step 302 when a user accesses the home page of the central 
hosting facility. A user may be a voter or potential voter. Through a web page from 
the home page a user may also check to see if their voting jurisdiction allows for
participation in the on-line voting process.

[0055] If a user is in a jurisdiction allowing on-line voting, the user confirms
whether or not he/she has a DoD CAC credential in Step 304. If a user has a DoD
credential, a roaming digital PKI certificate for use as a digital signature is 
assigned to the user in Step 306. Once the user obtains a digital certificate, he or 
she may then request and complete an eFPCA form in Step 308. 
[0056] For a user that does not have a DoD CAC credential, the user may 
provide a previously secured digital signature in Step 310. If the user provides a 
digital signature in Step 310, the user is permitted to request and complete the 
eFPCA form in Step 308. For a user that can provide neither a DoD CAC credential in
Step 304 nor a digital signature in Step 310, an identity proofing form
is provided to the user in Step 320.

[0057] The user then fills out the identity proofing form in Step 322 and prints it
on the user's printer in Step 324. The user may then have the form notarized
in Step 326, and forward it to a validation entity in Step 328. The validation entity 
confirms the accuracy of the information provided in Step 330. Upon the proper 
completion and validation of the identity proof, the validation entity notifies the 
user and issues to the user a roaming digital PKI certificate in Step 332. The 
roaming certificate is the user's digital signature for use with the central hosting 
facility. After receipt of the certificate, the user may request and complete an 
eFPCA form as previously described. 
[0058] Once a roaming digital certificate is issued, the user may gain access to
the central hosting facility using a user ID, password, and challenge questions. The 
digital certificate is not user computer specific. Therefore, a user can access the 
central hosting facility with the acquired digital certificate from any computer. 
[0059] Election officials are also provided a digital certificate for use with the 
central hosting facility. The digital certificate and access capabilities assigned to a 
particular election official are based upon an official's status and need for access to 
the various processes of the online election system. 

[0060] FIG. 4 shows a process flow diagram for the voter registration process 
of the electronic registration and voting solution according to an embodiment of the 
present invention. The registration process 40 begins when a user, who has
previously received a digital certificate, logs in and authenticates themselves with the
central hosting facility in Step 410.

[0061] Once a user is properly identified and authenticated, the user may
register to vote with and/or request an absentee ballot from their local election office
by completing an eFPCA in Step 412 and submitting the eFPCA signed with the
user's digital certificate in Step 414 to the central hosting facility. The central hosting
facility forwards the registration information to the user's local election office in 
Step 420. Where required and according to State law the user may also be advised 
to print and submit a hard copy of the FPCA with the user's signature. 
[0062] After submitting a voter registration application (for example, an
absentee voter application), a user may also log in in Step 410 and check the status of
the application in Step 430. The LEO may also communicate status information to
the voter in Step 440.

[0063] The local election office's review of an eFPCA submitted by a user
begins when a local election official logs in and authenticates himself in Step 520. A
local election office can then retrieve and review the registration application in Step 
452. At this point, the local election official may approve or deny the user's 
application in Step 454. After the review and approval/denial process, the local 
election official updates the user's status in Step 456 and provides registration 
information for an approved user to the central hosting facility's voter registration 
database, as well as the local voter registration database. 

[0064] In each instance that there is activity at the central hosting facility 
voter registration database, a communication is generated and sent to the local 
election office in Step 420. 

[0065] FIG. 5 shows a process flow diagram for the ballot definition process of 
the electronic registration and voting solution, according to an embodiment of the 
present invention. A local election office uses the ballot definition process to create 
ballots specific to that jurisdiction's races and local ballot requirements. The ballot 
definition process 50 begins with the local election officials preparing a ballot 
definition file in Step 510. The definition file defines, for example, the races 
associated with an election, the candidates, precincts, precinct splits, and any other 
information and formatting information necessary to create a ballot. 
[0066] The ballot definition file may be created offline and imported to the
central hosting facility in Step 512 or a local election official may log on to the 
central hosting facility and create the ballot definition file online in Step 514. After 
either of the ballot creation methods, the ballot definition file is stored on the 
central hosting facility. Once the central hosting facility collects a definition file, it 
is transformed into a standard format specified by the central hosting facility and 
stored in a ballot definition database in Step 530. 

[0067] The ballot then goes through a ballot content validation process by the 
local election official in Step 540. The validation process allows for the creation of 
an audit record in Step 550 or ballot proofing in Step 560. The ballot is then 
provided to the voting engine in Step 570 for use with registered voters. 
[0068] The ballot definition process 50 provides the local election offices with 
the capability to validate the transformed ballot content, associate ballot types with 
precincts, and apply local election voting rules, such as random sorting of 
candidates, to their ballots. The central hosting facility also provides for a complete 
audit trail of the ballot and ballot definition process. 

[0069] FIG. 6 shows the process flow for voting and securing a ballot, 
according to an embodiment of the present invention. The voting process 60 begins 
with a user logging into the central hosting facility by identifying and 
authenticating himself or herself as a valid voter in Step 610. Once a user has been
properly identified and authenticated in Step 610, the voter may then request a
ballot in Step 612. Upon this request, a ballot is generated in Step 614 based on the
voter's registration information, precinct information, and ballot style and definition.
For security purposes, the server generating the ballot will also digitally sign the 
ballot. 

[0070] The ballot is then provided to the voter in Step 618 and the voter may 
enter his or her choices on the ballot in Step 620. After voting is completed, the 
user digitally signs the ballot using the roaming digital certificate and submits the 
ballot back to the central voting system in Step 622. 

[0071] When the central hosting facility receives the completed ballot, it is 
time stamped in Step 624 and encrypted in Step 626 with the user's symmetric key. 
A summary of the voter's choices is then transmitted back to the voter in Step 628. 
This retransmission provides the voter with an opportunity to review their choice 
set from the ballot and confirm their vote in Step 630. Upon digitally signed 
confirmation by the voter, the central hosting facility time stamps the ballot in Step 
632, encrypts the symmetric key using the local election office's public key in Step 
634, and stores the encrypted ballot and associated encrypted symmetric key in the 
electronic ballot box of the voter's local election office in Step 640, thus ensuring 
that only the local election office can view the voter's choices. 

[0072] After a ballot is placed in the electronic ballot box in Step 640, the local 
election office may perform a ballot reconciliation process, download the ballot or 
ballots located in the electronic ballot box in Step 650, decrypt the ballot or ballots 
using the assigned security keys, tabulate the results, and prepare reports based on 
the tabulation in Step 660. 
[0073] The balloting process 60 according to the present invention provides a
secure voting capability. The balloting process 60 ensures that ballots in the 
electronic ballot box are received securely and intact. Voters are provided an 
opportunity to verify their votes and only designated local election officials of the 
voter's local election office will have the proper security keys necessary to decrypt 
the ballot. 

[0074] FIG. 7 shows a detailed view of the process flow for the ballot
tabulation process of the electronic registration and voting system, according to an
embodiment of the present invention. The tabulation process of the central hosting 
facility provides the ability for the local election office to reconcile the ballots in Step 
710 submitted during the election process. Reconciliation allows the local election 
office the opportunity to confirm that the voters participating in the election 
followed local election rules, such as following proper voting procedures with respect 
to the time of voting. Voter eligibility may also be confirmed. For example, 
fraudulent use of a deceased voter's information can be identified during the 
reconciliation Step 710. The central hosting facility also creates a voter history in 
Step 720 and allows the local election office to download and store the voter history 
in the local election office voter registration database in Step 730. 
[0075] The ballot tabulation process also includes various security measures
to ensure fair and accurate ballot tabulation. According to an embodiment of the
present invention, a token and a computer are provided to the local election office
for use during the ballot tabulation. Two or more local officials are designated for
the tabulation process. A dual login is also required in Step 740 wherein one
election official installs the token and logs into the local election office computer
used for tabulation and the second official logs into the central hosting facility.
After the dual login Step 730, voter IDs are separated from the encrypted ballots
and the encrypted ballots are shuffled and then transferred to the tabulation
computer in Step 750.

[0076] The local election office may then disconnect the tabulation computer 
from the network and locally decrypt the ballots with the local election office 
decryption key in Step 760. The local election office decrypts each ballot by first 
decrypting a ballot's associated symmetric key using the local election office's public 
key, then using the associated symmetric key to decrypt the ballot. Once the ballots 
are decrypted, the local election office tabulation system can tabulate the ballots in 
Step 770, generate election results in Step 772, create audit reports in Step 774, and 
prepare a consolidated report of the results in Step 776.
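
The envelope scheme of Steps 626-640 and the separate, shuffle and decrypt sequence of Steps 750-770 can be sketched as follows. This is an added example, not code from the application: RSA-OAEP, AES-256-GCM, a fresh symmetric key per ballot, and every function and field name are assumptions. Unwrapping uses the private half of the LEO key pair, the counterpart of the public key that wrapped the symmetric key.

```javascript
// Added illustration, not code from the patent. RSA-OAEP and AES-256-GCM are
// assumed algorithm choices; all function and field names are hypothetical.
const crypto = require('crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Steps 626-640: encrypt the ballot under a symmetric key, wrap that key with
// the LEO public key, and keep both with the voter ID in the ballot box.
function sealBallot(voterId, choices, leoPublicKey) {
  const key = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(choices), 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: leoPublicKey, ...OAEP }, key);
  return { voterId, envelope: { iv, ct, tag: cipher.getAuthTag(), wrappedKey } };
}

// Step 750: strip voter IDs, then shuffle (Fisher-Yates driven by a CSPRNG) so
// transfer order cannot be matched back to submission order.
function separateAndShuffle(ballotBox) {
  const envelopes = ballotBox.map((entry) => entry.envelope);
  for (let i = envelopes.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [envelopes[i], envelopes[j]] = [envelopes[j], envelopes[i]];
  }
  return envelopes;
}

// Step 760: unwrap the symmetric key with the LEO private key, then decrypt.
// GCM tag verification makes final() throw if the stored ballot was altered.
function openBallot(envelope, leoPrivateKey) {
  const key = crypto.privateDecrypt({ key: leoPrivateKey, ...OAEP }, envelope.wrappedKey);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, envelope.iv);
  decipher.setAuthTag(envelope.tag);
  const pt = Buffer.concat([decipher.update(envelope.ct), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Step 770: tally one race from the shuffled, ID-free envelopes.
function tabulate(ballotBox, leoPrivateKey, race) {
  const tally = {};
  for (const envelope of separateAndShuffle(ballotBox)) {
    const choice = openBallot(envelope, leoPrivateKey)[race];
    tally[choice] = (tally[choice] || 0) + 1;
  }
  return tally;
}

// Constructed sample: one LEO key pair and three ballots.
const leo = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleBox = ['A', 'B', 'A'].map((c, i) => sealBallot(`voter-${i}`, { mayor: c }, leo.publicKey));
```

Calling `tabulate(sampleBox, leo.privateKey, 'mayor')` counts the constructed ballots; an envelope whose ciphertext was modified in the ballot box, or one opened with another office's private key, raises an error instead of yielding a ballot.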

[0077] In summary, the present invention provides a secure, online voting 
capability that allows any voter to register and cast their ballot according to the 
timeframe of a local election. The cast ballots are encrypted to provide security to 
the voters and their ballots. All ballots for a local election office are stored in the 
ballot storage associated with that local election office. Only officials from a voter's 
local election office may decrypt and tabulate their ballot. 

[0078] Every event that takes place throughout the registration and voting
process may be tracked and audited. Thus, an independent evaluation of all actions
associated with an election is possible. Furthermore, ballot reconciliation according
to the present invention allows the ability to flag suspect ballots and if necessary 
exclude them from tabulation until resolved by election officials. Ballot recounting 
is also provided through the repeatability of the reconciliation, download, 
decryption and tabulation processes. 

[0079] It will be apparent to those skilled in the art that various modifications 
and variations can be made in the present invention without departing from the 
spirit or scope of the invention. Thus, it is intended that the present invention 
cover the modifications and variations of this invention provided that they come 
within the scope of any claims and their equivalents. 